{"api_version":"1","generated_at":"2026-04-23T02:57:59+00:00","cve":"CVE-2016-8206","urls":{"html":"https://cve.report/CVE-2016-8206","api":"https://cve.report/api/cve/CVE-2016-8206.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-8206","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-8206"},"summary":{"title":"CVE-2016-8206","description":"A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.","state":"PUBLIC","assigner":"sirt@brocade.com","published_at":"2017-01-14 19:59:00","updated_at":"2018-05-10 01:29:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"http://www.zerodayinitiative.com/advisories/ZDI-17-051","name":"http://www.zerodayinitiative.com/advisories/ZDI-17-051","refsource":"MISC","tags":[],"title":"Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us","name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us","refsource":"CONFIRM","tags":[],"title":"Document Display | HPE Support Center","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-179","name":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-179","refsource":"CONFIRM","tags":[],"title":"Broadcom Inc. | Connecting Everything","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/95692","name":"95692","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Brocade Network Advisor CVE-2016-8206 Directory Traversal Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-8206","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8206","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"8206","vulnerable":"1","versionEndIncluding":"14.0.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"brocade","cpe5":"network_advisor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"sirt@brocade.com","ID":"CVE-2016-8206","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Brocade Network Advisor versions released prior to and including 14.0.2","version":{"version_data":[{"version_value":"Brocade Network Advisor versions released prior to and including 14.0.2"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Directory Traversal"}]}]},"references":{"reference_data":[{"name":"95692","refsource":"BID","url":"http://www.securityfocus.com/bid/95692"},{"name":"http://www.zerodayinitiative.com/advisories/ZDI-17-051","refsource":"MISC","url":"http://www.zerodayinitiative.com/advisories/ZDI-17-051"},{"name":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-179","refsource":"CONFIRM","url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-179"},{"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us","refsource":"CONFIRM","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us"}]}},"nvd":{"publishedDate":"2017-01-14 19:59:00","lastModifiedDate":"2018-05-10 01:29:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.4},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:brocade:network_advisor:*:*:*:*:*:*:*:*","versionEndIncluding":"14.0.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"8206","Ordinal":"94825","Title":"CVE-2016-8206","CVE":"CVE-2016-8206","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"8206","Ordinal":"1","NoteData":"A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"8206","Ordinal":"2","NoteData":"2017-01-14","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"8206","Ordinal":"3","NoteData":"2018-05-09","Type":"Other","Title":"Modified"}]}}}